Penetration Tester (Java) - Contract

Experienced Recruiting Partners


Albany, NY
Full Time
Paid
  • Responsibilities

    Job Category listing: Technical Subject Matter Specialist (Senior)

    Contract Role
    Location: Hybrid Capital Region NY (4 days/month)

    A Penetration Tester with a focus on Java application security is sought to identify, exploit, and help remediate vulnerabilities in Java applications and the infrastructure that supports them.

    Requirements:

    • Bachelor’s degree in a related software field with 6+ years in a Dev Sec role.
    • Core Java coding experience.
    • Prior experience as an engineer and in a Dev Sec role on a large-scale, public-facing enterprise application.

    Key Responsibilities:

    • Conduct penetration tests and vulnerability assessments for Java applications and infrastructure.
    • Identify security flaws in Java code using automated and manual methods.
    • Create and use custom exploits to test application security, simulating attacker tactics.
    • Collaborate with Development teams to understand application architecture and find security weaknesses early.
    • Collaborate with Testing teams to integrate with manual and automation testing.
    • Provide guidance on secure coding and how to fix vulnerabilities.
    • Stay updated on Java security threats and best practices.
    • Help improve secure development processes (SDLC).
    • Assist in responding to security incidents related to Java vulnerabilities, including currently published CVEs as listed in the NIST National Vulnerability Database (NVD).
    • Clearly document and report findings, including technical details, risk assessment, and recommended solutions.
    • Communicate findings and recommendations to both technical and non-technical staff.
    • Contribute to security policies for Java development and deployment.
    • Manipulate URLs, query parameters and browser-side application data to look for attack paths. Validate and assess browser tokens and cache manipulation, and compare production vs. non-production architecture.
    • Familiarity with the MITRE ATT&CK framework.

    Qualifications:

    • Bachelor's degree in Computer Science, Information Security, or a related field.
    • Minimum of 6 years of Development/Security experience.
    • Experience in Penetration Testing/Ethical Hacking with a focus on Java application security.
    • Strong knowledge of Java programming and its security practices as well as scripting experience.
    • Proficiency in web application security principles (e.g., OWASP).
    • Knowledge of common web vulnerabilities (e.g., SQL injection, XSS) and exploit techniques.
    • Experience with penetration testing tools like Burp Suite, Metasploit.
    • Familiarity with Fortify on Demand SAST and DAST tools.
    • Strong understanding of cryptography and secure communication protocols (e.g., SSL/TLS).
    • Excellent problem-solving and analytical skills.
    • Strong communication skills.
    • High ethical standards and confidentiality.

    Preferred Qualifications:

    • Certifications such as OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP or other industry security certifications.
    • Experience with scripting languages (e.g., Python, Bash).
    • Experience with secure code review for Java.
    • Familiarity with cloud security testing.
    • Experience with mobile application penetration testing.
    • Knowledge of regulations like HIPAA.
    • Experience with API testing.